Improper Interaction Between Multiple Correctly-Behaving Entities Affecting darcyclarke-manifest-pkg package, versions *



    Attack Complexity High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • published 29 Jun 2023
  • disclosed 28 Jun 2023
  • credit Darcy Clarke

Introduced: 28 Jun 2023

CVE NOT AVAILABLE CWE-435 Open this link in a new tab
First added by Snyk

How to fix?

There is no fixed version for darcyclarke-manifest-pkg.


darcyclarke-manifest-pkg is a research package to demonstrate the technique of manifest confusion

Affected versions of this package are vulnerable to Improper Interaction Between Multiple Correctly-Behaving Entities. This is not a vulnerability on its own.

This package is a proof of concept of Manifest Confusion, in which the contents of a publicly distributed open source package does not match the contents stated in its manifest file. More information on the discovery can be found on the Snyk Support Portal.